IPv6 Issues

Discussion in 'Tomato Firmware' started by Nitro9, May 11, 2019.

  1. Nitro9

    Nitro9 Network Newbie Member

    Hi all,

    I'm really hoping someone will be able to shed some light on this and bring some happiness to my current despair!

    My network set ip is as follows, TP Link VR600 used as Modem only -> R7000 Tomato Router on different subnet which acts as the DHCP server distributing to all clients on the network, with a couple of access points with ethernet backhaul on the same subnet too.

    I have managed to get Tomato to connect to the VR600 with IPv6 over RADVD delegated and ULA and RDNSS enabled - however the Tomato router isn't sending out IPv6 addresses to any clients on the network. I have done a ping test through Tomato, all works fine - 0 packet losses.

    However I'm struggling to get the dnsmasq config correct so that it distributes IPv6 addresses to clients.

    In the logs, it is showing the following error repeatedly:
    daemon.warn dnsmasq-dhcp[8590]: no address range available for DHCPv6 request via br0

    Could anyone shed some light on how this should be done? Happy to provide further info, just hit me with the commands to get what you need.

    Thanks in advance!
     
  2. Sean B.

    Sean B. Network Guru Member

    Providing you're using the standard LAN interface br0 on the Tomato router:

    Either in a ssh/telnet shell to the router or via Tools->System commands in the GUI run:

    Code:
    ifconfig br0
    does it show an IPv6 global address? And if so, is the prefix size /64 or smaller?

    Please post a screen shot of the Basic->Network, Basic->IPv6, and Advanced->DHCP/dns pages from the router web interface.
     
    Last edited: May 11, 2019
  3. Nitro9

    Nitro9 Network Newbie Member

    Thank you for replying! Screenshots as requested below!
     

    Attached Files:

  4. Sean B.

    Sean B. Network Guru Member

    Dnsmasq isn't distributing IPv6 IP addresses because it has none to give. The br0 interface has no global addressing at all. Any IPv6 pings etc you've done to the router are either to the link-local IP address of the LAN interface, or ( more likely ) the WAN interface has received a single global DHCPv6 IP address leased to it from one of the other devices on your network ( a drawn map of your network topology would be useful for diagnosing ). Basically, it does not appear the Tomato router is being delegated a prefix that it can use for handing out addresses on its LAN interfaces. The prefix is likely being intercepted upstream by one of your other devices.

    **NOTE** If you're going to manually configure dnsmasq via the custom box, uncheck the boxes for announcing DHCPv6 and SLAAC. As they will add duplicate or conflicting configurations.
     
  5. Nitro9

    Nitro9 Network Newbie Member

    Thank you for this! I've drawn a topology for you, although if you need any further details let me know, and sorry if it's a bit haphazard.

    I've unticked announcing DHCPv6 and SLAAC. However the pings i'm doing aren't to the router, they're from the router on the command line and it's telling me 0 packet losses. Surely this would mean that the R7000 has a connection to the internet via IPv6, just not distributing on the LAN?

    Also a screenshot of the config inside TP Link DHCP IPv6 settings
    Screenshot_2019-05-11_at_11.49.29.jpg Screenshot 2019-05-11 at 11.51.49.png

    Thanks for your help so far!
     
  6. Sean B.

    Sean B. Network Guru Member

    ***EDIT*** I just caught the problem in your diagram. You are using the modems DMZ to avoid double NAT between it and the Tomato router, this will not work with IPv6. If you want the Tomato router to control IPv6 for your LAN, the modem must be put into transparent bridge mode. Otherwise, the router advertisements sent from your ISP that carry the IPv6 global configuration information and delegated prefix will not reach your Tomato router. Currently, the modem is acting as your IPv6 gateway. This will result in the situation I described below, in which the Tomato router will receive a single IPv6 global address on its WAN interface providing global IPv6 connectivity only for the router itself, not anything connected to its LAN side.



    ULA stands for Unique Local Address, it is to IPv6 what 192.168.x.x is to IPv4. On top of that, ff00: is not a valid ULA address space, ff00: is for multicast and has a prefix length of 8 not 64. What you need, and currently do not have, is a global IPv6 prefix. What ISP do you have? I'll need to confirm what type of deployment they use in order to assist you with configuration.

    Example:

    Code:
    root@Storage:/tmp/home/root# ifconfig br0
    br0        Link encap:Ethernet  HWaddr 08:xx:xxx:xx:xx:xx
               inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
               inet6 addr: fe80::a62:66ff:fe3a:5720/64 Scope:Link
               inet6 addr: 2601:xxx:xxx:xxf8::1/64 Scope:Global     <----*********
               UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
               RX packets:100475 errors:0 dropped:0 overruns:0 frame:0
               TX packets:273017 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:0
               RX bytes:15075455 (14.3 MiB)  TX bytes:322156204 (307.2 MiB)
    
    root@Storage:/tmp/home/root#

    Note the global address/prefix.

    Keep in mind, with IPv6 you can still ping/connect to link-local clients even without any outside IPv6 connectivity. This is due to each IPv6 enabled client auto generating its own link-local address. This can cause a false implication that IPv6 should be working globally, when in fact the entire configuration is wrong.

    Also, if your WAN interface receives a single global IPv6 address, you would have full IPv6 internet connectivity, but from the router only. If the router does not receive a delegated prefix to use for the LAN interfaces, no LAN clients will be configured with a global IPv6 address.
     
    Last edited: May 11, 2019
  7. Nitro9

    Nitro9 Network Newbie Member

    Got you, this makes sense now.

    ISP is BT Internet (VDSL)

    Would this result in a double NAT, or would transparent bridge mode result in that no occurring?
    If it would result in double NAT, what could be a potentially good fix? I'd rather not use the VR600 as a DHCP server would rather keep it within Tomato.


    Cheers for putting up with my newbie self on this one so far - i'm all good with IPv4 but IPv6 is totally new to me, but would be brilliant to get it up and running!
     
  8. Sean B.

    Sean B. Network Guru Member

    Transparent bridge mode ( if supported by the modem ) will remove double NAT between the modem and Tomato router for IPv4, as well as make the Tomato router your IPv6 gateway. As the name implies, it turns the modem into a transparent bridge, removing its functionality on the network level so that all it does is translate the physical VDSL connection from your ISP into an ethernet connection to the WAN port of your Tomato router.

    FYI: NAT is not used for IPv6, as when configured correctly all LAN clients will have their own globally routed address.

    **NOTE** On most models of modem, transparent bridging can be enabled by the end user via the modems web interface or a telnet shell. On some, it requires a call/chat session with your ISP to enable it from their end. While on a few, it's not supported at all.

    Be aware
    , you will need all the specifics in regards to the type/configuration of internet connection provided by your ISP to configure the Tomato router once the modem is transparently bridged. For PPPoE as example, this means:

    Username
    Password
    MTU
    Whether or not your connection is MLPPP
    Whether or not WAN traffic requires a specific VLAN tag
    etc

    A quick look at your ISPs website only revealed information regarding "BT home hub" equipment and "OpenReach" modems.
     
    Last edited: May 11, 2019
  9. Nitro9

    Nitro9 Network Newbie Member

    Yes the Home Hub is the standard supplied modem/router, however I effectively put the VR600 in its place as it acts as both. However I've essentially got it running as just a dumb modem as its Broadcom chip results in higher sync rates.

    That said, given that it is a Modem/Router. There is no transparent bridge or bridge option annoyingly, so may have to look into a hardware change. I assume there's absolutely no way of doing it given the current set up?

    If I do it in the way you propose, are we looking at everything pretty much falling into place and working straight off the bat with no additional config?

    Cheers
     
  10. Sean B.

    Sean B. Network Guru Member

    Only a modem/router will have bridge mode. A unit that is only a modem is already only a bridge. The VR600 does have bridge mode, you can set it up via the Quick Setup option. Quick Setup->Pick your region/timezone->Select "other" as ISP->Select "bridge" as internet connection type. There are other specifics you need to know about your DSL connection, but that should be the setup you need.

    After that, you need to configure the WAN connection on the Tomato router. I would guess yours is likely PPPoE? From there, you can then get IPv6 configured correctly.

    **NOTE** I would recommend taking screen shots of all the related pages on the VR600 prior to changing over to bridge mode, for reference when configuring the Tomato router WAN.
     
    Last edited: May 12, 2019
  11. Nitro9

    Nitro9 Network Newbie Member

    This worked - thanks so much for your help, really appreciate it!
     
    Sean B. likes this.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice